Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59150

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.

Published

2025-10-01T21:16:43.003

Last Modified

2025-10-23T14:15:41.293

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oisf	suricata	8.0.0	Yes

References

https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018 Release Notes ([email protected])
https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d Patch ([email protected])
https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3 Patch, Third Party Advisory ([email protected])
https://redmine.openinfosecfoundation.org/issues/7881 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-detection-script (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-mitigation-script (af854a3a-2127-422b-91ae-364da2661108)